This chapter is from the book

“Security” used to refer solely to one’s physical safety, such as having good door locks and perhaps a home security system. But in our modern world of hacks and malware and phishing, security increasingly focuses on the important information stored on your computer and devices. You can take concrete steps to keep burglars out of your house, but if a malicious entity steals your credit card information—usually from a hacked retailer, not directly from you—your bank accounts could be drained without you even knowing about it.

Understand at the outset that we’re not going to sugarcoat security in this chapter. The days when you could choose a pet name as a password, or use the same password for more than one Web site or service, are long over. Security is now a fact of daily digital life.

The good news is, you’re not powerless against these threats. In fact, employing good passcodes, using the security features of iOS and OS X, and making a few smart decisions ahead of time goes a long way toward keeping you and your family members safe from technological threats.

Passcodes on iOS

Set a passcode on your iOS device.

No ifs, ands, or buts.

Yes, some friends or family members may protest at having to enter a code every time they want to use their iPhone or iPad, but it’s worth pointing out that they probably wouldn’t leave valuables in plain view and the door unlocked when they leave the house.

By default, iOS prompts you to create a passcode when you first activate your device, as well prompting you to enable Touch ID if your device supports it. The latter will certainly be easier for most folks, but remember that it’s no excuse for not creating a secure passcode—in fact, the convenience of Touch ID gives you a great opportunity to create an even more secure passcode, since you won’t have to enter it as often.

Since iOS requires only a four-digit passcode, entered on a standard number pad, the ability to create a truly secure code might seem limited. However, you can increase the security by choosing a passcode that is much more difficult for someone to crack:

Go to Settings > Passcode. (On devices that include a Touch ID sensor, the setting is called Touch ID & Passcode.)

This lets you use passwords composed of numbers and other characters, and have them be of any length. When iOS prompts you for your passcode, instead of giving you the number pad you’re shown a full keyboard (4.2).

If you prefer the speed of entering numbers, you can deactivate Simple Passcode, as instructed, and set your passcode to a longer string of just numbers. When iOS asks you to enter your passcode, you still get the number pad. On the downside, this could alert a potential hacker to the fact that your passcode doesn’t contain non-number characters, so you should make it even harder to guess.

NOTE

A passcode isn’t just a door to keep unauthorized people out. When you set up a passcode, all data on the device is encrypted. If, for example, someone were to get hold of your iPhone, open it up, and attempt to access the memory chips directly, the information would be scrambled.

Do You Have Touch ID? Use It

Touch ID is more than just a convenient trick for unlocking your iPhone or iPad. If you own an iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air 2, or iPad mini 3, you were asked during initial setup to scan your fingerprint for Touch ID. That fingerprint image is stored in a section of the device’s processor called the Secure Enclave, which, in addition to having a cool name, is inaccessible by other areas of the system except in very specific circumstances. The print is never shared outside the device (such as via iCloud).

With Touch ID, you can verify purchases from the App Store and iTunes Store without entering a password. App developers can also take advantage of the feature—for example, 1Password can be opened by pressing the Touch ID sensor (the Home button). (We cover 1Password later in this chapter.)

You can configure up to five fingerprints for Touch ID. That’s handy for using, say, your left thumb as well as your right thumb, but you can also set up a fingerprint for someone you trust, like a spouse or parent.

Go to Settings > Touch ID & Passcode.

Enter your passcode.

Tap Add a Fingerprint.

Follow the instructions for placing your finger on the sensor to read it (4.3).

When the print is stored, optionally tap it in the Fingerprints list and give it a name that’s more descriptive than “Finger 2.”

NOTE

We’ve heard of a few occasions where Touch ID becomes less responsive over time, although recent iOS updates seem to have improved the situation. If you run into this problem, go to Settings > Touch ID & Passcode, delete the existing fingerprints, and set them up again.

Additional Passcode Options

iOS also allows you to choose how often your passcode is required, assuming you’re not using Touch ID. This dictates how long your iOS device needs to be locked before once again prompting you for your passcode. Options range from Immediately to After 4 Hours (4.4).

In general, the smaller the interval, the more secure your device will be. Granted, it can be annoying to have to enter a lengthy passcode every time you want to use your iOS device, but that convenience is balanced against the security of your device should it fall into the wrong hands. For a device that may not leave your house very often—an iPad used by kids, perhaps—you may be able to get by with the After 1 Minute or After 5 Minutes options, but again, if you carry your iPhone with you everywhere, Immediately is the best option. If you’ve enabled Touch ID, it’s also the only option.

The other setting to consider, which isn’t part of the Passcode section of Settings, is device Auto-Lock, which can be found under Settings > General. This is where you can set how long it takes your iOS device to automatically lock itself—turn off the screen, and so on (4.5). Again, shorter times generally help maintain better security.

The Settings > Passcode section also allows you to control whether or not certain features are active on your iOS device when it’s locked. On the iPad, this includes features like the Today and Notifications views of Notification Center and Siri; on the iPhone, it also includes the Reply with Message function when you receive a call, and Passbook.

Finally, if your iOS device contains particularly sensitive data, or you are very concerned about nobody getting access to your information, you can enable the Erase Data option, which will delete all content on your device after 10 incorrect passcodes are entered.

TIP

The Erase Data option is particularly unforgiving. Keep in mind that if your household contains, say, a young child who might have access to your iOS device and may try to guess your passcode or even enter random information, you could end up with a wiped device pretty quickly.

The Elements of a Good Passcode

Password hygiene is important, and iOS device passcodes are no exception. In fact, given that most of us carry our iPhones with us wherever we go, and that they often contain access to our email, contacts, text messages, and banking and other accounts, it’s even more critical that they be well protected.

A good password is, ideally:

Easy to remember. Having a password so complicated that it must be written down defeats the very point of a password. Using letters, numbers, and special characters all contribute to making your password harder to guess.

TIP

One way to make an easy to remember password is to take a phrase, song lyric, or quote, and use the first letter of each word and then add on a piece of punctuation and a number. For example, “Help me, Obi-wan Kenobi, you’re my only hope!” could become “hmokymoh!4”.

Hard to guess. As tempting as it might be to use your pet’s name, your birthday, or your mother’s maiden name, all of these facts are surprisingly easy to find with just a modicum of Internet research.

Not reused. The passcode you use to open your iPhone shouldn’t be the same as what you use on any other site or service.

But wait, you may be saying, didn’t we argue at the beginning of this chapter to not choose passwords that are easy to remember? You’re correct! In this case, we’re talking only about choosing the passcode that unlocks your device. When it comes to passwords for Web sites and services—especially critical accounts such as your bank or other financial sites—you want the security that a truly randomly generated password provides. We go into that later in this chapter.